I've needed to use it in some scripts for checking/managing content on FUSE mounts which are mounted without “-o allow_root”, here calling the script through sudo doesn't do the full job as root can't access the content through the fuse-based mount so we sudo again to impersonate the user owning the mount.
 if the script may be a while doing other things before the first sudo call, you might want to run “sudo -v”² early on meaning the user can give auth at the start if needed so they don't run your script, it ask for auth a minute later, and them not notice as they are looking at something else at the time.
 from the manpage: -v, --validate, Update the user's cached credentials, authenticating the user if necessary.
also, sudo can be used to explicitly whitelist certain commands, so "killall processname" can work, but "rm - rf" wont. If you run the whole script as root, everyone who can edit can introduce a footgun.